Landrun: Sandbox any Linux process using Landlock, no root or containers

landrun A lightweight, secure sandbox for running Linux processes using Landlock LSM. Think firejail, but with kernel-level security and minimal overhead. Features 🔒 Kernel-level security using Landlock LSM 🚀 Lightweight and fast execution 🛡️ Fine-grained access control for directories 🔄 Support for read and write paths ⚡ Optional execution permissions for allowed paths 🌐 TCP network access control (binding and connecting) Demo Requirements Linux kernel 5.13 or later with Landlock LSM enabled Linux kernel 6.8 or later for network restrictions (TCP bind/connect) Go 1.18 or later (for building from source) Installation Quick Install go install github.com/zouuup/landrun/cmd/landrun@latest From Source git clone https://github.com/zouuup/landrun.git cd landrun go build -o landrun cmd/landrun/main.go sudo cp landrun /usr/local/bin/ Usage Basic syntax: landrun [options] < command > [args...] Options --ro : Allow read-only access to specified path (can be specifie ... Read full article.